Support » Plugin: Contact Form by WPForms - Drag & Drop Form Builder for WordPress » Cross Site Scripting vulnerabilities

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Jess Quig


    Hi brody182,

    I apologize for any misunderstanding on my end, however none of the files shared in your screenshot are part of our plugin. Additionally, we checked your site code and it doesn’t appear that WPForms is currently installed on your site.

    However, if you’ve noticed any kind of issue please do let our team know. We take all bug/issue reports very seriously. Please share any details of issues you’re seeing via our contact form:


    Thread Starter jon182


    well of course the files in the screen shot are not part of your plugin, its an xss vulnerability. I currently disabled wpforms, the only thing I have installed is Genesis framework and genesis plugins + wpforms

    Plugin Author Jared Atchison


    Hey brody182,

    Thanks for clarifying! We take security very seriously at WPForms.

    Unfortunately, without additional information we can’t assume this was due to WPForms. What your describing can also occur from incorrect file permissions and/or site setup, being hosted with a shared web host (where another site on the server gets hacked), etc.

    If further details become available that point in our directions then we definitely want to know. However, at this point, with over 1 million active installs we have not had any reports of similar issues.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Cross Site Scripting vulnerabilities’ is closed to new replies.